SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, April 11th, 2022

SANS ISC Handlers

Tech News, News, Technology

🗓️ 11 April 2022

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Misc Spring4Shell Items (Cisco, Mirai, Nginx); Russian CA Update; Conti Ransomware Copycats

Transcript

0:00.0

Hello, welcome to the Monday, April 11, 2022 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich,

0:09.8

and I'm recording from Jacksonville, Florida. Well, let's start with a couple of Spring4Shell

0:17.2

related items that sort of came out last week, but didn't make it in any of last

0:23.1

week's podcast. So really just a little bit follow-up here. First of all, Cisco keeps updating

0:29.8

its advisory. They labeled this vulnerability as critical, and there is now a long list of Cisco products that are affected for which

0:41.7

also at least in some cases updates are available so if you are a Cisco customer double

0:48.5

check this advisory. I'll link to it in the show notes. Had actually a little bit of hard time myself finding the correct advisory here that lists all the vulnerable products.

1:01.5

And I do believe this is still very much work in progress, so keep checking it for any updates, any new products included here.

1:10.6

And Trend Micro is reporting that they're seeing some exploitation of the vulnerability in order to install the Mirai botnet.

1:20.6

No real surprise here, Mirai botnet and cryptocoin miners are certainly very much expected.

1:26.6

We have seen a number of attempts like that.

1:30.7

Now, the Trend Micro logs that they are showing really just show that someone is exploiting

1:37.2

the web shell that's being left behind by the proof of concept exploit.

1:42.8

It even still uses the default password.

1:46.6

So this may not so much be an exploitation of actually the Spring4Shell vulnerability,

1:53.5

but instead it's really more parasitic where they're looking for web shells that are already

2:00.0

installed here, in particular since they're using

2:02.5

the default password instead of coming up with their own password. This would be a trivial change

2:07.8

to the original exploit. And then more speculative but possibly related to Spring4Shell is an

2:16.8

announcement by a Twitter user who goes under

2:19.2

Brayson Eagle who claims that there is a zero-day vulnerability in Nginx that has not been

2:27.7

patched yet. Now Bracin Eagle has since marked their Twitter account as private.

...
